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Remarks 

Claims 1-34 and 36-45 were presented for examination and were pending in this 
application. In a Final Office Action dated July 15, 2005, claims 1-28, 30-34, 36-43 and 
45 were rejected; claim 44 was allowed, and claim 29 was objected to. On August 22, 
2005, an interview took place between Examiner Aravind Moorthy and Applicants' 
representative, Dorian Cartwright Applicants have amended claims herein to further 
clarify the invention, and not in response to the cited references. The amendments add no 
new matter. Applicants have canceled claims herein. Applicants thank Examiner for 
allowing claim 44 and the subsequent interview. Applicants request entry of the 
amendments and address Examiner's comments below 



I. Rejections U nder 6 102fe-> - Zag orski T tt 

In paragraph 8 of the Office Action, Examiner rejected claims 1-5, 8-20, 23-28, 
30, 33, 34 and 39-45 under 35 U.S.C. § 102(e) as being anticipated by Zargorski (U.S. ' 
Patent No. 6.789,216X"Zargorski I"). Applicants respectfully traverse this rejection. 
During the interview, Applicants' representative pointed out that Zagorski I was filed 
after the priority date of the present patent application. Examiner clarified that Zargorski 
I is a continuation of Zagorski (U.S. Patent No. 6,490,695)("Zagorski II") which was 
filed before the priority date of the present application. Zagorski II contains portions of 
text cited by the Office Action from Zargorski I. 

Independent Claims 1.4,1 9. 26. 3Q 7 n , 34. 39 and 

Each of the rejected independent claims recites a step of identifying or a step of 
inferring that occurs through network communications. For example, claim 1 teaches 
identifying an operating system of a remote host; identifying a service of the remote host; 
and identifying a vulnerability on the network. Examiner agreed to withdraw the 
rejection based on Zagorski I, and not to reject claims based on Zagorski II, because 
neither reference teaches or suggests identification or inferring through a network as the 
processes associated with Zagorski I and II occur on a local machine. Additionally, 
Zagorski I and II, in disclosing analysis architectures for memory images in computer 
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programs, are not related to the field of vulnerability detection, and fail to disclose 
identification of vulnerabilities as recited in, for example, claim 1. Thus, Applicants 
submit that the rejected independent claims (i.e., claims 1,4, 1 9, 26. 30, 33, 34, 39 and 
43-45), and related dependent claims, are patentable over both Zagorski I and H. 



Rejections Under 6 1 - Arnold 

In paragraph 9 of the Office Action, Examiner rejects claims 3 1, 36 and 38 under 
35 U.S.C. § 102(e) as being anticipated by Arnold (U.S. Patent No. 5,440,723). 
Applicants respectfully traverse this rejection. 

Independent Claim 31 

ClaimSlisdirectedtoamemodofexarniiiinganerwork. The method includes 
the steps of, in part receiving responsive packets from a host; comparing inferential 
information in the responsive packets to information stored in a database; and identifying 
a Trojan application on the network. 

Arnold discloses periodic monitoring of a data processing system for anomalous 
behavior that may indicate the presence of an undesirable software entity such as a 
computer virus, worm, or Trojan Horse. (Arnold 4:61-66). Arnold further disclosures 
that an anomaly detection process runs continually as a foreground or background task on 
the subject computer. (See Arnold 5:2-26). 

Arnold fails to teach or suggest each of the limitations recited in claim 31. First, 
whereas packets are received from a host on the network in claim 31. the process of 
Arnold is limited to interactions on the subject computer where conditions can be 
explicitly determined. It follows that Arnold cannot identify a Trojan application from 
inferential information in the received packets of claim 3 1 . Thus, Applicants submit that 
claim 3 1 is patentable over Arnold. 

Independent Claim 36 

Amended claim 36 is directed to a system for examining a network. The system 
includes, in part, a packet generator that transmits packets to a remote host on the 
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network; and a comparison unit that receives a set of reflex packets from the remote host 
to identity one or more vulnerabilities on the remote host 

Amold fails to teach or suggest each of the limitations recited in claim 36. 
Foremost, in detecting present attacks on the subject computer (i.e., through a virus, 
worm or Trojan Horse), Arnold fails to disclosure identifying a vulnerability (i.e., a 
potential attack) as recited in claim 36. Also, and as discussed with respect to claim 31, 
Arnold is limited to interactions on the subject computer when detecting. Thus, 
Applicants submit that amended claim 36, and related dependent claims, are patentable 



over Arnold. 



m - Rejections U nder S 102(e) - ra^h 

In paragraph 10 of the Office Action, Examiner rejects claim 32 under 35 U.S.C. 
.§ 102(e) as being anticipated by Diersch (U.S. Patent No. 6,101,606). Applicants 
respectfully traverse this rejection. 

Independent Claim 3? 

Claim 32 is directed to a method of examining a network. The method includes 
the steps of, in part: receiving responsive packets; comparing inferential information in 
the responsive packets to information stored in a database; and identifying unauthorized 
software use. 

Diersch discloses an authorization component provided with information 
necessary for the authorization of program usage. (Diersch 5:14-16). Diersch further 
discloses a query for explicit information from a program to a module, the query asking: 
Is the identification code known? Is the license name available or known? (See Diersch 
5:30^3). Diersch also discloses blocking use of the program if any question is answered 
with no. (Diersch 5:47-49). 

Diersch fails to teach or suggest each of the limitations as recited in claim 32. 
Whereas claim 32 uses inferential information to identify unauthorized software use, 
Diersch presents an explicit query requiring explicitly answers in order to authorize a 

program. 
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IV. Objection 



In paragraph 14 of the Office Action, Examiner objects to claim 29 as being 
dependent upon a rejected base claim, but indicates that it would be allowable if rewritten 
in independent form including all of the limitations of the base claim. However, since 
claim 29 depends from allowable base claim 26, such amendment is not necessary. TTius, 
Applicants have respectfully obviated the objection. 
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Conclusion 

In «. Applicants tespeamy sllbmit ^ ^ cIajms m pKxnte6 

patently cashable over the cited references either done or in combination 
OncMng references citt4 ta Mt awIied) AwikmB 

reconsideration and allowance of these claims. 

In addition. Applicants respectfully invite Examiner to contact Applicants' 
representative a, the nnmber provided below if Examiner beUeves i, wiU help expedite 
furtherance of this application. 



Date: August 26, 700 s 



By: 



Respectfully submitted, 




Donan Cartwright, Attorney of Record 

Registration No. 53,853 

Fenwick & West LLP 

Silicon Valley Center 

801 California Street 

Mountain View, CA 94041 

Phone: (650)335-7247 

Fax: (650)938-5200 
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